RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 18

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Mon May 08 2006 - 19:58:37 CDT


The number of new vulnerabilities found this week exceeded 100 again.
Most are in software that is not widely used, but MySQL users had
multiple new critical vulnerabilities to concern them.

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
May 8, 2006 Vol. 5. Week 18
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

--------------------------------------------------------------------------------
Platform                                   Number of Updates and Vulnerabilities
--------------------------------------------------------------------------------
Windows                                    1
Other Microsoft Products                   1
Third Party Windows Apps                   15
Mac Os                                     1
Linux                                      6
Unix                                       2
Cross Platform                             16 (#2, #3, #4, #5)
Web Application - Cross Site Scripting     17
Web Application - SQL Injection            18
Web Application                            32 (#1)
Network Device                             3
--------------------------------------------------------------------------------

Part I -- Critical Vulnerabilities from TippingPoint, a division of 3Com
(www.tippingpoint.com)

Widely Deployed Software
(1) MODERATE: Nagios Negative Content Length Buffer Overflow
(2) MODERATE: Multiple MySQL Remote Code Execution and Information
     Disclosure Vulnerabilities
(3) MODERATE: Multiple LibTIFF Buffer Vulnerabilities
(4) MODERATE: Mozilla Firefox "designMode" Denial of Service
(5) MODERATE: X11 XRender Extension Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
06.18.1 - Microsoft May Advance Notification Multiple Vulnerabilities
 -- Other Microsoft Products
06.18.2 - Internet Explorer Unspecified OBJECT Tag Memory Corruption
 -- Third Party Windows Apps
06.18.3 - Servant Salamander UnaceV2.DLL Buffer Overflow
06.18.4 - WinISO Directory Traversal
06.18.5 - EZB Systems UltraISO Directory Traversal
06.18.6 - Retrospect Backup Server Local Privilege Escalation
06.18.7 - ArGoSoft FTP Server RNTO Command Remote Buffer Overflow
06.18.8 - Golden FTP Server NLST Command Remote Buffer Overflow
06.18.9 - FileZilla FTP Server MLSD Command Remote Buffer Overflow
06.18.10 - WarFTPd WDM.EXE Remote Buffer Overflow Vulnerability
06.18.11 - Gene6 FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
06.18.12 - BankTown ActiveX Control Remote Buffer Overflow
06.18.13 - UltraVNC Weak Challenge-Response Authentication
06.18.14 - Sami FTP Server Unspecified Authentication Buffer Overflow
06.18.15 - XM Easy Personal FTP Server Unspecified Authentication Buffer Overflow
06.18.16 - Cryptomathic ActiveX Control Remote Buffer Overflow
06.18.17 - ACFTP FTP Server User Command Remote Denial of Service
 -- Mac Os
06.18.18 - Mac OS X ImageIO OpenEXR Image File Remote Denial of Service
 -- Linux
06.18.19 - Linux Kernel SMBFS CHRoot Security Restriction Bypass
06.18.20 - Linux Kernel CIFS CHRoot Security Restriction Bypass
06.18.21 - Linux Kernel SCTP-netfilter Remote Denial of Service
06.18.22 - Linux Kernel SELinux_PTrace Local Denial of Service
06.18.23 - Linux Kernel RNDIS_Query_Response Remote Buffer Overflow
06.18.24 - Linux-VServer Local Insecure Guest Context Capabilities
 -- Unix
06.18.25 - X.Org XRender Extension Buffer Overflow
06.18.26 - CGI:IRC Client.C Remote Buffer Overflow and Denial of Service Vulnerabilities
 -- Cross Platform
06.18.27 - LibTiff Multiple Denial of Service Vulnerabilities
06.18.28 - LibTiff TIFFFetchData Integer Overflow
06.18.29 - LibTIFF Double Free Memory Corruption Vulnerability
06.18.30 - SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities
06.18.31 - Oracle Multiple Unspecified Vulnerabilities
06.18.32 - ResMgr Unauthorized USB Device Access
06.18.33 - Clam AntiVirus FreshClam Remote Buffer Overflow
06.18.34 - MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
06.18.35 - rsync Receive_XATTR Integer Overflow Vulnerability
06.18.36 - Oracle Unspecified DBMS_Assert Bypass
06.18.37 - EjabberD Installer Insecure Temporary File Creation
06.18.38 - Quagga Information Disclosure and Route Injection Vulnerabilities
06.18.39 - LibTiff TIFFToRGB Denial of Service
06.18.40 - zawhttpd Remote HTTP GET Denial of Service
06.18.41 - CA Resource Initialization Manager Local Privilege Escalation
06.18.42 - PHP Multiple Unspecified Vulnerabilities
 -- Web Application - Cross Site Scripting
06.18.43 - NeoMail NeoMail.PL SessionID Parameter Cross-Site Scripting
06.18.44 - PostNuke Multiple Cross-Site Scripting Vulnerabilities
06.18.45 - TextFileBB Multiple Cross-Site Scripting Vulnerabilities
06.18.46 - OrbitHYIP Multiple Cross-Site Scripting Vulnerabilities
06.18.47 - SunShop Shopping Cart Multiple Cross-Site Scripting Vulnerabilities
06.18.48 - Collaborative Portal Server POS Parameter Cross-Site Scripting
06.18.49 - JSBoard Login.PHP Cross-Site Scripting
06.18.50 - Zenphoto Multiple Cross-Site Scripting Vulnerabilities
06.18.51 - XDT Pro Stats.PHP Cross-Site Scripting
06.18.52 - GeoBlog Viewcat.PHP Cross-Site Scripting
06.18.53 - Virtual Hosting Control System Server_day_stats.PHP Multiple
            Cross-Site Scripting Vulnerabilities
06.18.54 - Pinnacle Cart Index.PHP Cross-Site Scripting
06.18.55 - CmScout Multiple Cross-Site Scripting Vulnerabilities
06.18.56 - MyNews Multiple Cross-Site Scripting Vulnerabilities
06.18.57 - Albinator Multiple Cross-Site Scripting Vulnerabilities
06.18.58 - PHP Linkliste Linkliste.PHP Multiple Cross-Site Scripting Vulnerabilities
06.18.59 - Cute Guestbook Comments HTML Injection
 -- Web Application - SQL Injection
06.18.60 - Network Administration Visualized Multiple SQL Injection Vulnerabilities
06.18.61 - DUclassified Detail.ASP SQL Injection
06.18.62 - Blog Mod Weblog_posting.PHP SQL Injection
06.18.63 - 4images Multiple SQL Injection Vulnerabilities
06.18.64 - PHPNuke Downloads Module SQL Injection
06.18.65 - PHP Newsfeed Multiple SQL Injection Vulnerabilities
06.18.66 - Ruperts News Script Login.PHP SQL Injection
06.18.67 - DeltaScripts PHP Pro Publish Multiple SQL Injection Vulnerabilities
06.18.68 - AZNEWS News.PHP SQL Injection
06.18.69 - MaxTrade Multiple SQL Injection Vulnerabilities
06.18.70 - SBlog Search.PHP SQL Injection
06.18.71 - Invision Gallery Post.PHP SQL Injection
06.18.72 - Pacheckbook Index.PHP Multiple SQL Injection Vulnerabilities
06.18.73 - Invision Power Board Func_mod.PHP SQL Injection
06.18.74 - Invision Power Board Index.PHP SQL Injection
06.18.75 - saPHP Lesson Multiple SQL Injection
06.18.76 - Invision Community Blog Mod.PHP SQL Injection
06.18.77 - Newsadmin Readarticle.PHP SQL Injection
 -- Web Application
06.18.78 - I-RATER Platinum Config_settings.TPL.PHP Remote File Include
06.18.79 - Artmedic Event Index.PHP Remote File Include
06.18.80 - CoolMenus Index.PHP Remote File Include
06.18.81 - Trac Wiki Macro Remote HTML Injection Vulnerabilities
06.18.82 - Advanced GuestBook Addentry.PHP Remote File Include
06.18.83 - Thyme Search Page HTML Injection
06.18.84 - W-Agora BBCode Script Injection
06.18.85 - PlanetGallery Gallery_admin.PHP Authentication Bypass
06.18.86 - JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass
06.18.87 - DMCounter Kopf.PHP Remote File Include
06.18.88 - HB-NS Multiple Input Validation Vulnerabilities
06.18.89 - Limbo CMS SQL.PHP Remote File Include
06.18.90 - phpBB Knowledge Base Mod KB_constants.PHP Remote File Include
06.18.91 - Xine Filename Handling Remote Format String
06.18.92 - Simple Poll Authentication Bypass
06.18.93 - OpenPHPnuke Remote File Include
06.18.94 - X7 Chat Index.PHP Local File Include
06.18.95 - SF-Users Username HTML Injection
06.18.96 - Russcomm Network LoginPHP Username HTML Injection
06.18.97 - FileProtection Express Authentication Bypass
06.18.98 - Russcom Network Loginphp Open EMail Relay
06.18.99 - 312Soft PhP-Gallery Multiple Input Validation Vulnerabilities
06.18.100 - FtrainSoft Fast Click Multiple Remote File Include Vulnerabilities
06.18.101 - Fast Click SQL Lite Show.PHP Remote File Include
06.18.102 - PHPBB-Auction Auction_Common.PHP Remote File Include
06.18.103 - PunBB Multiple Input Validation Vulnerabilities
06.18.104 - Albinator Multiple Remote File Include Vulnerabilities
06.18.105 - CyberBuild Multiple Input Validation Vulnerabilities
06.18.106 - Bigwebmaster Guestbook Multiple HTML Injection Vulnerabilities
06.18.107 - AWStats Remote Arbitrary Command Execution
06.18.108 - Stadtaus Guestbook Index.PHP Remote File Include
06.18.109 - WebCalendar Username Enumeration
 -- Network Device
06.18.110 - Cisco Unity Express Expired Password Privilege Escalation
06.18.111 - Fujitsu NetShelter Unspecified DNS Denial Of Service
06.18.112 - hostapd Invalid EAPOL Key Length Remote Denial Of Service

*************************************************************************
PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar and Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk

*************************
Widely Deployed Software
*************************

(1) MODERATE: Nagios Negative Content Length Buffer Overflow
Affected:
Nagios version 2.x prior to 2.3
Nagios version 1.x prior to 1.4

Description: Nagios is an open-source program that monitors networks,
hosts and services. It is a popular network monitoring application used
worldwide by many organizations. Nagios CGI scripts are primarily used
to access the monitored information. The Nagios software contains a
buffer overflow that can be triggered by an HTTP request containing a
negative HTTP "Content-Length" header. A remote attacker could exploit
this flaw to execute arbitrary code with the privileges of the Nagios
user (often root). Note that a typical configuration may not require
authentication for all Nagios scripts.

Council Site Actions: Only one of the responding council sites is
running the affected software, and on a very small number of machines
and possibly only one machine running the old Apache version. They will
most likely update the software within the next month.

References:
Vendor Advisory
https://sourceforge.net/mailarchive/forum.php?thread_id=10297806&forum_id=7890
http://www.nagios.org/development/changelog.php
SecurityFocus BID
Not posted yet.

----------------------------------------------------------------

(2) MODERATE: Multiple MySQL Remote Code Execution and Information
    Disclosure Vulnerabilities
Affected:
MySQL version 4.1.x prior to 4.1.19
MySQL version 5.0.x prior to 5.0.21
MySQL version 5.1.x prior to 5.1.10

Description: The MySQL database server suffers from buffer overflow and
information disclosure vulnerabilities. The server contains a buffer
overflow that can be triggered by specially crafted "COM_TABLE_DUMP"
packets (used to dump database tables). An authenticated MySQL user can
exploit this flaw to execute arbitrary code on the database server.
Additionally, by sending specially crafted "login" and "COM_TABLE_DUMP"
requests to a MySQL process, an attacker could cause portions of the
memory to be returned in the resulting error messages. This information
can then be used in constructing exploit code. A proof-of-concept exploit
for the "COM_TABLE_DUMP" flaw has been posted. Note that an
unauthenticated attacker can exploit the vulnerabilities via any SQL
injection flaws in a front-end web application.

Status: Vendor confirmed, patches available. Upgrade to MySQL versions
4.1.19, 5.0.21 and 5.1.10 (when available). Use firewalls to block port
3306/tcp from the Internet.

Council Site Actions: One site has already updated its non-RedHat
systems and is waiting on patches for the RedHat platforms. Another
site is treating this as a very low threat since only a small number of
important machines are running the affected software; no account can
access the daemon over the network, and the total number of accounts is
very small. They will most likely update these systems within the next
month.

References:
MySQL Advisory
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
CERT Advisory
http://www.kb.cert.org/vuls/id/602457
Posting by Stefano
http://www.wisec.it/vulns.php?page=8
http://www.wisec.it/vulns.php?page=7
SecurityFocus BID
http://www.securityfocus.com/bid/17780

----------------------------------------------------------------

(3) MODERATE: Multiple LibTIFF Buffer Vulnerabilities
Affected:
LibTIFF versions prior to 3.8.1

Description: The libtiff library provides various functions to store and
read the Tag Image File Format (TIFF), a popularly used image file
format. This library is used on Linux by GNOME and KDE applications, the
Mozilla and Mozilla Firefox web browsers, the xv image manipulation
program, and other popular applications. The library contains multiple
buffer overflows that were discovered by supplying "fuzzed" TIFF images.
A malicious image in a webpage or an HTML email may exploit the flaws
to potentially execute arbitrary code on a Linux/Unix client. The
technical details required to leverage the flaws have been posted.

Status: Upgrade to version 3.8.1. Linux vendors like RedHat have also
released patched versions.

Council Site Actions: Two of the reporting council sites are using the
affected software. They plan to push out the patches during their next
regularly scheduled system update cycle.

References:
Vendor Advisory
http://www.remotesensing.org/libtiff/v3.8.1.html
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
TIFF Image Format
http://www.libtiff.org/TIFFTechNote2.html
SecurityFocus BIDs
http://www.securityfocus.com/bid/17730
http://www.securityfocus.com/bid/17733
http://www.securityfocus.com/bid/17809

----------------------------------------------------------------

(4) MODERATE: Mozilla Firefox "designMode" Denial of Service
Affected:
Firefox versions prior to 1.5.0.3

Description: Mozilla Firefox contains a DoS vulnerability that arises
from the failure to properly parse certain JavaScript constructs. A
specially-crafted web page can inject malicious code into a user's
browser session, and potentially execute the code with the privileges
of the logged-on user (not confirmed). The vulnerability is triggered
when certain deleted objects are re-referenced while the "designMode"
property is set. The "designMode" property is used for features such as
building a rich text editor in a webpage. The proof-of-concept exploit is
included in the Mozilla Bugzilla.

Status: Upgrade to version 1.5.0.3. Ensure that the "autoupdate" feature
is enabled in the "Tools->Options->Advanced" configuration section.

Council Site Actions: Most of the council sites are using Firefox, but
it is not supported by their central IT departments. However, most of
the users have Auto Update turned on, and the sites expect the users to
be updated in due time.

References:
Mozilla Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-30.html
https://bugzilla.mozilla.org/show_bug.cgi?id=334515
SecurityFocus BID
http://www.securityfocus.com/bid/17671

----------------------------------------------------------------

(5) MODERATE: X11 XRender Extension Buffer Overflow
Affected:
All versions of X11R6 and X11R7 when using the XRender extension

Description: X11, the package deployed on most Linux and BSD
installations, contains a buffer overflow vulnerability in its XRender
extension (installed and enabled by default on most systems). The
XRender extension is used to perform complex graphical compositing and
manipulation. This flaw allows authenticated users to execute code with
the privileges of the X server user, typically root. Note that it may
be possible to execute this vulnerability remotely using remote X
display primitives, but this would still require user authentication.
The technical details required to leverage the flaw are publicly
available.

Note that this is a privilege escalation vulnerability, a class not
typically included in the RISK; owing to the widespread distribution of
the X11 package, an exception has been made in this case.

Status: X.Org has published patches. Various Linux vendors are working
on releasing their own patches. A workaround is to disable the "XRender"
extension by adding the following lines to the xorg.conf file:

Section "Extensions"
    Option "RENDER" "disable"
EndSection

References:
X.Org Security Advisory
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
http://xorg.freedesktop.org/releases/X11R6.8.2/patches/xorg-68x-CAN-2006-1526.patch
http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-mitri.diff
Technical Details
https://bugs.freedesktop.org/show_bug.cgi?id=6642
SecurityFocus BID
http://www.securityfocus.com/bid/17795
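
A version-triage check built from the "Affected" lines of Part I, added here as an example (it is not part of the SANS bulletin or of any vendor tool). The inventory, host names and status labels are constructed; "unlisted" means the bulletin does not name that release branch, not that the branch is safe.

```python
import re

# "Fixed in" versions transcribed from the Affected lines of Part I above.
# Each product maps a release-branch prefix to the first fixed version on that
# branch; the empty prefix () means the bulletin names no branch.
# X11 (item 5) is omitted: the bulletin lists patches, not a fixed release.
FIXED_IN = {
    "nagios":  {(2,): (2, 3), (1,): (1, 4)},
    "mysql":   {(4, 1): (4, 1, 19), (5, 0): (5, 0, 21), (5, 1): (5, 1, 10)},
    "libtiff": {(): (3, 8, 1)},
    "firefox": {(): (1, 5, 0, 3)},
}

VERSION_RE = re.compile(r"\s*v?(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the leading dotted number as a tuple: '5.0.20a-log' -> (5, 0, 20).

    Build suffixes such as 'a', '-log' or '-standard' are ignored, so a
    pre-release like '2.3rc1' parses the same as '2.3'; review those by hand.
    """
    match = VERSION_RE.match(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def pad(version, length):
    """Right-pad with zeros so (2, 3) and (2, 3, 0) compare as equal."""
    return version + (0,) * (length - len(version))


def triage(product, version_text):
    """Classify one install as 'affected', 'fixed', 'unlisted' or 'unparsed'."""
    branches = FIXED_IN.get(product.lower())
    if branches is None:
        return "unlisted"
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    for branch, fixed in branches.items():
        # Compare only against the fix for the branch this install is on.
        if version[:len(branch)] == branch:
            width = max(len(version), len(fixed))
            if pad(version, width) < pad(fixed, width):
                return "affected"
            return "fixed"
    return "unlisted"


def naive_mysql_affected(version_text):
    """Common shortcut shown for contrast: compare against the newest fix only.

    It misreports patched 4.1.19 and 5.0.21 servers as affected.
    """
    return parse_version(version_text) < (5, 1, 10)


# Constructed sample inventory (host names and versions are made up).
INVENTORY = [
    ("mon01", "nagios", "2.0"),
    ("mon02", "nagios", "1.4.1"),
    ("db01", "mysql", "4.1.18-standard"),
    ("db02", "mysql", "5.0.21"),
    ("db03", "mysql", "5.1.9-beta"),
    ("db04", "mysql", "4.0.26"),
    ("ws01", "libtiff", "3.7.4"),
    ("ws01", "firefox", "1.5.0.3"),
]


def report(inventory):
    """Return (host, product, version, status) for every inventory row."""
    return [(host, product, version, triage(product, version))
            for host, product, version in inventory]


if __name__ == "__main__":
    for row in report(INVENTORY):
        print("%-6s %-8s %-18s %s" % row)
```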

*********************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 18, 2006

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5002 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

06.18.1 CVE: Not Available
Platform: Windows
Title: Microsoft May Advance Notification Multiple Vulnerabilities
Description: Microsoft has released advance notification that they
will be releasing three security bulletins for Windows on May 9, 2006.
The highest severity rating for these issues is Critical.

- One bulletin for Microsoft Exchange. The highest severity rating for
  this issue is Critical.
- Two bulletins for Microsoft Windows. The highest severity rating for
  these issues is Critical.
Ref: http://www.microsoft.com/technet/security/bulletin/advance.mspx
______________________________________________________________________

06.18.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Internet Explorer Unspecified OBJECT Tag Memory Corruption
Description: Microsoft Internet Explorer is prone to an unspecified
memory corruption issue which can be exploited via a malicious web
page to potentially execute arbitrary code in the context of the
current user. Please see the attached advisory for details.
Ref: http://www.securityfocus.com/bid/17820
______________________________________________________________________

06.18.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Servant Salamander UnaceV2.DLL Buffer Overflow
Description: Servant Salamander is a small and fast two-pane file
manager with an open plugin architecture. Servant Salamander is
susceptible to a filename buffer overflow vulnerability. Servant
Salamander version 2.5 RC1 resolves the issue.
Ref: http://www.securityfocus.com/archive/1/432357
______________________________________________________________________

06.18.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinISO Directory Traversal
Description: WinISO is an ISO and BIN file archiving application for
Microsoft Windows. It is prone to a vulnerability that may allow an
attacker to place files and to overwrite files in arbitrary locations
on a vulnerable computer. This issue occurs when the application
processes malicious ISO and BIN archives. This issue affects WinISO
version 5.3.
Ref: http://www.securityfocus.com/bid/17721
______________________________________________________________________

06.18.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: EZB Systems UltraISO Directory Traversal
Description: UltraISO is an ISO and BIN file archiving application. An
attacker can carry out attacks using directory traversal strings. This
issue occurs when the application processes malicious ISO and BIN
archives. Exploitation of this issue lets an attacker place
potentially malicious files in arbitrary locations on a victim user's
computer in the context of the user running the affected application.
This issue affects UltraISO version 8.0.0.1392.
Ref: http://secway.org/advisory/AD20060428.txt
______________________________________________________________________

06.18.6 CVE: CVE-2006-2155
Platform: Third Party Windows Apps
Title: Retrospect Backup Server Local Privilege Escalation
Description: Dantz Retrospect Backup Server is a network backup
server. It is vulnerable to a local privilege escalation issue due to
not ensuring that administrative privileges are dropped before
executing applications. Dantz Retrospect Server versions 6.5, 7.0 and
7.5 are vulnerable.
Ref: http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.5177423
______________________________________________________________________

06.18.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: ArGoSoft FTP Server RNTO Command Remote Buffer Overflow
Description: ArGoSoft FTP Server is affected by a buffer overflow
issue when handling data through the RNTO command. All current
versions are affected.
Ref: http://www.securityfocus.com/bid/17789
______________________________________________________________________

06.18.8 CVE: CVE-2006-2180
Platform: Third Party Windows Apps
Title: Golden FTP Server NLST Command Remote Buffer Overflow
Description: Golden FTP Server is an FTP server application for the
Microsoft Windows operating system. It is prone to a buffer overflow
vulnerability when handling data through the NLST command.
Ref: http://www.securityfocus.com/bid/17801
______________________________________________________________________

06.18.9 CVE: CVE-2006-2173
Platform: Third Party Windows Apps
Title: FileZilla FTP Server MLSD Command Remote Buffer Overflow
Description: FileZilla FTP Server is vulnerable to a buffer overflow
vulnerability due to insufficient handling of data through the MLSD
command. FileZilla Server versions 0.9.16 b and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17802
______________________________________________________________________

06.18.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: WarFTPd WDM.EXE Remote Buffer Overflow Vulnerability
Description: WarFTPd is an FTP server application. It is vulnerable to
a buffer overflow issue when receiving excessive data to the internal
memory buffer. War FTP Daemon versions 1.82 RC10 and earlier are
vulnerable.
Ref: http://www.securityfocus.com/bid/17803
______________________________________________________________________

06.18.11 CVE: CVE-2006-2172
Platform: Third Party Windows Apps
Title: Gene6 FTP Server Multiple Commands Remote Buffer Overflow
Vulnerabilities
Description: Gene6 FTP Server is an FTP server available for the
Microsoft Windows platform. It is prone to multiple buffer overflow
vulnerabilities when handling data through the "MKD", "RMD", "XMKD",
and "XRMD" commands. This issue is reported to affect version 3.1.0.
Ref: http://www.securityfocus.com/bid/17810
______________________________________________________________________

06.18.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: BankTown ActiveX Control Remote Buffer Overflow
Description: BankTown provides an ActiveX control as a common
certificate solution for banking services in Korea. BankTown ActiveX
control is prone to a buffer overflow vulnerability. This issue
affects the "URI" parameter of the "SetBannerURL()" function. BankTown
ActiveX Control versions 1.5.2.50209 and 1.4.2.51817 are vulnerable.
Ref: http://www.securityfocus.com/bid/17815
______________________________________________________________________

06.18.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: UltraVNC Weak Challenge-Response Authentication
Description: UltraVNC is susceptible to a weak challenge-response
authentication vulnerability. This issue is due to the use of insecure
encryption during the authentication process of UltraVNC when
configured to utilize the Microsoft Logon authentication mechanism.
UltraVNC version 1.0.1 is vulnerable.
Ref: http://www.securityfocus.com/bid/17824
______________________________________________________________________

06.18.14 CVE: CVE-2006-2212
Platform: Third Party Windows Apps
Title: Sami FTP Server Unspecified Authentication Buffer Overflow
Description: Sami FTP Server is an FTP server for various Microsoft
Windows versions. It is prone to an unspecified buffer overflow vulnerability
that affects the username and password commands of the affected FTP
server, likely allowing remote, anonymous attackers to exploit this
issue. Version 2.0.2 of Sami FTP Server is affected by this issue.
Ref: http://www.securityfocus.com/archive/1/432944
______________________________________________________________________

06.18.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: XM Easy Personal FTP Server Unspecified Authentication Buffer
Overflow
Description: XM Easy Personal FTP Server is vulnerable to an
unspecified buffer overflow issue due to insufficient boundary
checking on user-supplied data before storing it in a finite-sized
buffer. XM Easy Personal FTP Server version 4.3 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432960
______________________________________________________________________

06.18.16 CVE: Not Available
Platform: Third Party Windows Apps
Title: Cryptomathic ActiveX Control Remote Buffer Overflow
Description: Cryptomathic provides an ActiveX control to handle
various cryptographic functions. It is affected by a buffer overflow
issue due to an error in the "createPKCS10()" function of the
"cenroll.dll" library. All versions of Cryptomathic are vulnerable.
Ref: http://www.securityfocus.com/bid/17852
______________________________________________________________________

06.18.17 CVE: Not Available
Platform: Third Party Windows Apps
Title: ACFTP FTP Server User Command Remote Denial of Service
Description: ACFTP is an FTP server. It is vulnerable to a remote
denial of service issue due to the application's failure to properly
handle excessive data through the "USER" command. ACFTP versions 1.4
and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17855
______________________________________________________________________

06.18.18 CVE: Not Available
Platform: Mac Os
Title: Mac OS X ImageIO OpenEXR Image File Remote Denial of Service
Description: OpenEXR is a software package and image file format by
Industrial Light & Magic. It is affected by a denial of service issue
due to improper processing of malformed OpenEXR image files. Please
see the referenced advisory for a list of vulnerable versions.
Ref: http://www.securityfocus.com/bid/17768
______________________________________________________________________

06.18.19 CVE: Not Available
Platform: Linux
Title: Linux Kernel SMBFS CHRoot Security Restriction Bypass
Description: The Linux Kernel is prone to a security restriction
bypass vulnerability affecting the chroot implementation. A local
attacker who is bounded by the chroot can bypass the filesystem
security restriction through use of directory traversal strings such
as "../". Please see the referenced advisory for details.
Ref: http://www.securityfocus.com/bid/17735
______________________________________________________________________

06.18.20 CVE: CVE-2006-1863
Platform: Linux
Title: Linux Kernel CIFS CHRoot Security Restriction Bypass
Description: The Linux Kernel is prone to a security restriction
bypass vulnerability affecting the chroot implementation. This issue
is due to a failure in the kernel to properly sanitize user-supplied
data. The problem affects chroot inside of a smb-mounted filesystem
(cifs). A local attacker who is bounded by the chroot can exploit this
issue to bypass the chroot restriction and gain unauthorized access to
the filesystem. An attacker can bypass the filesystem security
restriction through use of directory traversal strings.
Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434
______________________________________________________________________

06.18.21 CVE: Not Available
Platform: Linux
Title: Linux Kernel SCTP-netfilter Remote Denial of Service
Description: The Linux kernel netfilter module is susceptible to a
remote denial of service vulnerability. This issue is triggered when
excessive kernel memory is consumed in an infinite loop. This problem
stems from a memory leak in the kernel's "SCTP-netfilter" code. Kernel
versions prior to 2.6.16.13 are vulnerable.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13
______________________________________________________________________

06.18.22 CVE: Not Available
Platform: Linux
Title: Linux Kernel SELinux_PTrace Local Denial of Service
Description: The Linux kernel is vulnerable to a local denial of
service issue due to a design error when SELinux is enabled and ptrace
is utilized. The Linux kernel versions 2.6.16.13 and earlier are
vulnerable.
Ref: http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2
______________________________________________________________________

06.18.23 CVE: Not Available
Platform: Linux
Title: Linux Kernel RNDIS_Query_Response Remote Buffer Overflow
Description: The Linux kernel contains support for running as a USB
slave which enables Linux to run in embedded USB peripheral devices.
It is prone to a remote buffer-overflow issue due to a failure of the
kernel to properly bounds check user-supplied data in the
"rndis_query_response()" function. Linux kernel versions in the
version 2.6 series prior to 2.6.16 are affected.
Ref: http://www.securityfocus.com/bid/17831
______________________________________________________________________

06.18.24 CVE: Not Available
Platform: Linux
Title: Linux-VServer Local Insecure Guest Context Capabilities
Description: The Linux-VServer project implements virtual servers for
the Linux operating system. It is susceptible to a vulnerability
regarding insecure guest context capabilities. The kernel fails to
properly enforce security restrictions in guest hosts. This issue
allows unprivileged users in guest hosts to perform various operations
that should be restricted to superusers.
Ref: http://www.securityfocus.com/bid/17842
______________________________________________________________________

06.18.25 CVE: CVE-2006-1526
Platform: Unix
Title: X.Org XRender Extension Buffer Overflow
Description: The X.Org X Windows System is a Windows server. It is
prone to a buffer overflow vulnerability in the render extension.
Visit the referenced advisory for details.
Ref: http://www.openbsd.org/errata.html#xorg
______________________________________________________________________

06.18.26 CVE: Not Available
Platform: Unix
Title: CGI:IRC Client.C Remote Buffer Overflow and Denial of Service
Vulnerabilities
Description: CGI:IRC is a web-based IRC client application implemented
in Perl. It is susceptible to multiple remote vulnerabilities. A
buffer overflow vulnerability presents itself when overly large cookie
data is processed by the application. A denial of service
vulnerability presents itself due to the improper bounded usage of
cookie data. This issue allows remote attackers to crash the affected
application, denying service to legitimate users. Version 0.5.7 is
vulnerable to these issues.
Ref: http://www.securityfocus.com/bid/17799
______________________________________________________________________

06.18.27 CVE: Not Available
Platform: Cross Platform
Title: LibTiff Multiple Denial of Service Vulnerabilities
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. LibTIFF is
affected by multiple denial of service issues. Please read the
attached advisory for details.
Ref: http://www.securityfocus.com/bid/17730
______________________________________________________________________

06.18.28 CVE: CVE-2006-2025
Platform: Cross Platform
Title: LibTiff TIFFFetchData Integer Overflow
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. Applications
utilizing the LibTIFF library are prone to an integer overflow
vulnerability. This issue occurs in the "TIFFFetchData()" function of
"tif_dirread.c".
Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
______________________________________________________________________

06.18.29 CVE: CVE-2006-2026
Platform: Cross Platform
Title: LibTIFF Double Free Memory Corruption Vulnerability
Description: LibTIFF is a library designed to read and manipulate Tag
Image File Format (TIFF) files. It is vulnerable to a memory
corruption issue due to the cleanup functions of "tif_jpeg.c",
"tif_pixarlog.c", "tif_fax3.c", and "tif_zip.c". LibTIFF version 3.8.1
or later resolves the issue.
Ref: http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
______________________________________________________________________

06.18.30 CVE: Not Available
Platform: Cross Platform
Title: SWS Web Server Multiple Arbitrary Code Execution
Vulnerabilities
Description: SWS Web Server is a web server implementation that is
designed to serve static web pages. It is prone to multiple format
string and buffer overflow vulnerabilities that can be exploited to
execute arbitrary code. These issues are due to a failure in the
application to do proper bounds checking and to properly sanitize
user-supplied input to "sws_web_server.c". SWS Web Server versions
0.1.7 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/432362
______________________________________________________________________

06.18.31 CVE: Not Available
Platform: Cross Platform
Title: Oracle Multiple Unspecified Vulnerabilities
Description: Oracle products are vulnerable to multiple unspecified
vulnerabilities. The issues include cross-site scripting, SQL
injection, security bypass, and plaintext password. See the referenced
advisory for further details.
Ref: http://www.red-database-security.com/advisory/upcoming_alerts.html
______________________________________________________________________

06.18.32 CVE: Not Available
Platform: Cross Platform
Title: ResMgr Unauthorized USB Device Access
Description: ResMgr is a resource manager library daemon and PAM
module. It is affected by an issue which permits unauthorized access
to USB devices. Please see the attached advisory for a list of
vulnerable versions.
Ref: http://www.securityfocus.com/bid/17752
______________________________________________________________________

06.18.33 CVE: CVE-2006-1989
Platform: Cross Platform
Title: Clam AntiVirus FreshClam Remote Buffer Overflow
Description: ClamAV is an antivirus application. It is vulnerable to a
remote buffer overflow issue due to insufficient handling of a large
amount of bytes in the HTTP response header while attempting to
retrieve updated signatures. ClamAV versions 0.88 and 0.88.1 are
vulnerable.
Ref: http://www.clamav.net/doc/0.88.2/ChangeLog
______________________________________________________________________

06.18.34 CVE: Not Available
Platform: Cross Platform
Title: MySQL Remote Information Disclosure and Buffer Overflow
Vulnerabilities
Description: MySQL is an open source relational database project. It
is vulnerable to multiple remote issues such as buffer overflow and
information disclosure. See the reference for further details. MySQL
versions 5.1.9 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432734
______________________________________________________________________

06.18.35 CVE: Not Available
Platform: Cross Platform
Title: rsync Receive_XATTR Integer Overflow Vulnerability
Description: The rsync utility is used to synchronize files and
directory structures across a network. Insufficient sanitization of
the "name_len" and "datum_len" values exposes the application to an
integer overflow issue. rsync versions prior to 2.6.8 are affected.
Ref: http://www.securityfocus.com/bid/17788
______________________________________________________________________

06.18.36 CVE: Not Available
Platform: Cross Platform
Title: Oracle Unspecified DBMS_Assert Bypass
Description: Oracle is affected by an unspecified "dbms_assert" bypass
issue. "dbms_assert" is a security function utilized to sanitize
user-supplied input in order to prevent SQL injection vulnerabilities.
See the advisory for details.
Ref: http://www.securityfocus.com/bid/17800
______________________________________________________________________

06.18.37 CVE: Not Available
Platform: Cross Platform
Title: EjabberD Installer Insecure Temporary File Creation
Description: ejabberd is a distributed Jabber/XMPP server. The
"ejabberd-1.1.1_1-linux-installer.bin" installation process creates
temporary files in an insecure manner and with insecure file
permissions. ejabberd version 1.1.1_2 has been released to fix this
issue.
Ref: http://www.securityfocus.com/bid/17804
______________________________________________________________________

06.18.38 CVE: Not Available
Platform: Cross Platform
Title: Quagga Information Disclosure and Route Injection
Vulnerabilities
Description: Quagga is a routing package that has support for multiple
dynamic routing protocols. It is susceptible to remote information
disclosure and route injection vulnerabilities. These issues are due
to flaws in the application that fail to properly ensure that required
authentication and protocol configuration options are enforced. Quagga
versions 0.98.5 and 0.99.3 are vulnerable to these issues.
Ref: http://www.securityfocus.com/bid/17808
______________________________________________________________________

06.18.39 CVE: Not Available
Platform: Cross Platform
Title: LibTiff TIFFToRGB Denial of Service
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. It is affected
by a denial of service issue due to the "TIFFToRGB" function's
improper handling of certain parameters. LibTIFF versions 3.8 and
earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17809
______________________________________________________________________

06.18.40 CVE: Not Available
Platform: Cross Platform
Title: zawhttpd Remote HTTP GET Denial of Service
Description: zawhttpd is an open source HTTP server. It is vulnerable
to a remote denial of service issue due to insufficient handling of
GET requests containing excessive "" characters. zawhttpd
version 0.8.23 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432955
______________________________________________________________________

06.18.41 CVE: Not Available
Platform: Cross Platform
Title: CA Resource Initialization Manager Local Privilege Escalation
Description: CA Resource Initialization Manager (CAIRIM) is
susceptible to a local privilege escalation vulnerability. This issue
is due to a flaw in the interaction between the CAIRIM LMP SVC and
legitimate SVC invoking code. All versions of CA Resource
Initialization Manager are vulnerable.
Ref: http://supportconnectw.ca.com/public/ca_common_docs/cairim-affprods.asp
______________________________________________________________________

06.18.42 CVE: Not Available
Platform: Cross Platform
Title: PHP Multiple Unspecified Vulnerabilities
Description: PHP is a general purpose scripting language. It is
affected by multiple unspecified vulnerabilities. Please see the
attached advisory for details.
Ref: http://www.securityfocus.com/bid/17834
______________________________________________________________________

06.18.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NeoMail NeoMail.PL SessionID Parameter Cross-Site Scripting
Description: NeoMail is a web-based email client application.
Insufficient sanitization of the "sessionid" parameter in the
"neomail.pl" script exposes the application to a cross-site scripting
issue.
Ref: http://www.securityfocus.com/bid/17728
______________________________________________________________________

06.18.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PostNuke Multiple Cross-Site Scripting Vulnerabilities
Description: PostNuke is a content management application.
Insufficient sanitization of the "Func" and "OP" parameters exposes the
application to multiple cross-site scripting issues. All current
versions are affected.
Ref: http://www.securityfocus.com/bid/17743
______________________________________________________________________

06.18.45 CVE: CVE-2006-2143
Platform: Web Application - Cross Site Scripting
Title: TextFileBB Multiple Cross-Site Scripting Vulnerabilities
Description: TextFileBB is a bulletin board application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "[color]", "[size]" and
"[url]" tags of unspecified scripts. TextFileBB version 1.0.16 is
vulnerable.
Ref: http://www.securityfocus.com/archive/1/432461
______________________________________________________________________

06.18.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OrbitHYIP Multiple Cross-Site Scripting Vulnerabilities
Description: OrbitHYIP is a membership and referral application. It is
prone to multiple cross-site scripting vulnerabilities due to
insufficient sanitization of user-supplied input to the "referral"
parameter of the "signup.php" script and the "id" parameter of the
"members.php" script. OrbitHYIP version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/17766
______________________________________________________________________

06.18.47 CVE: CVE-2006-2124
Platform: Web Application - Cross Site Scripting
Title: SunShop Shopping Cart Multiple Cross-Site Scripting
Vulnerabilities
Description: SunShop Shopping Cart is an online shopping cart
application. It is vulnerable to multiple cross-site scripting issues
due to insufficient sanitization of user-supplied input to the
"index.pho" script. SunShop Shopping Cart version 3.5 is vulnerable.
Ref: http://pridels.blogspot.com/2006/05/sunshop-xss-vuln.html
______________________________________________________________________

06.18.48 CVE: CVE-2006-2141
Platform: Web Application - Cross Site Scripting
Title: Collaborative Portal Server POS Parameter Cross-Site Scripting
Description: Collaborative Portal Server is a web content management
application for the Zope web application framework. It is prone to a
cross-site scripting vulnerability. Collaborative Portal Server
version 3.4.0 is vulnerable.
Ref: http://pridels.blogspot.com/2006/04/cps-340-xss.html
______________________________________________________________________

06.18.49 CVE: CVE-2006-2109
Platform: Web Application - Cross Site Scripting
Title: JSBoard Login.PHP Cross-Site Scripting
Description: JSBoard is a web-based discussion board application. It
is prone to a cross-site scripting vulnerability due to the
application's failure to properly sanitize user-supplied input to the
"table" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/432714
______________________________________________________________________

06.18.50 CVE: CVE-2006-2187
Platform: Web Application - Cross Site Scripting
Title: Zenphoto Multiple Cross-Site Scripting Vulnerabilities
Description: Zenphoto is a web-based photo album application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "index.php" script.
Zenphoto versions 1.0.1 and earlier are vulnerable.
Ref: http://zone14.free.fr/advisories/2/
______________________________________________________________________

06.18.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XDT Pro Stats.PHP Cross-Site Scripting
Description: XDT Pro is a web content management application for the
Zope web application framework. Insufficient sanitization of the "id"
parameter in the "stats.php" script exposes the application to a
cross-site scripting issue. XDT Pro version 2.3 is affected.
Ref: http://www.securityfocus.com/bid/17781
______________________________________________________________________

06.18.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GeoBlog Viewcat.PHP Cross-Site Scripting
Description: GeoBlog is a web-log application. Insufficient
sanitization of the "cat" parameter in the "viewcat.php" script
exposes the application to a cross-site scripting issue. GeoBlog
version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17784
______________________________________________________________________

06.18.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Virtual Hosting Control System Server_day_stats.PHP Multiple
Cross-Site Scripting Vulnerabilities
Description: Virtual Hosting Control System is a web site management
application. It is prone to multiple cross-site scripting
vulnerabilities because the application fails to properly sanitize
user-supplied input to the "year", "month" and "day" parameters of the
"server_day_stats.php" script. Virtual Hosting Control System version
2.4.7.1 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432711
______________________________________________________________________

06.18.54 CVE: CVE-2006-2163
Platform: Web Application - Cross Site Scripting
Title: Pinnacle Cart Index.PHP Cross-Site Scripting
Description: Pinnacle Cart is web-based shopping cart software
implemented in PHP. It is prone to a cross-site scripting
vulnerability. This issue is due to the application's failure to
properly sanitize user-supplied input to the "setbackurl" parameter of
the "index.php" script.
Ref: http://pridels.blogspot.com/2006/04/pinnacle-cart-xss.html
______________________________________________________________________

06.18.55 CVE: CVE-2006-2188
Platform: Web Application - Cross Site Scripting
Title: CmScout Multiple Cross-Site Scripting Vulnerabilities
Description: CmScout is a content management application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to various scripts. CmScout
versions 1.10 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432725
______________________________________________________________________

06.18.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyNews Multiple Cross-Site Scripting Vulnerabilities
Description: MyNews is a web-based news reader application. It is
vulnerable to multiple cross-site scripting issues due to insufficient
sanitization of user-supplied input to the "hash" and "page"
parameters of the "mynews.inc.php" script. MyNews version 1.6.2 is
vulnerable.
Ref: http://www.cyber-soldiers.org/Dream/mynews.txt
______________________________________________________________________

06.18.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Albinator Multiple Cross-Site Scripting Vulnerabilities
Description: Albinator is a content management system. Insufficient
sanitization of user-supplied input exposes the application to
multiple cross-site scripting issues. Albinator version 2.0.8 is
affected.
Ref: http://www.securityfocus.com/bid/17826
______________________________________________________________________

06.18.58 CVE: CVE-2006-2176
Platform: Web Application - Cross Site Scripting
Title: PHP Linkliste Linkliste.PHP Multiple Cross-Site Scripting
Vulnerabilities
Description: PHP Linkliste is a web-based news reader application
implemented in PHP. PHP Linkliste is prone to multiple cross-site
scripting vulnerabilities. This issue affects version 1.0.
Ref: http://d4igoro.blogspot.com/2006/05/php-linkliste-10b-xss.html
______________________________________________________________________

06.18.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cute Guestbook Comments HTML Injection
Description: Cute Guestbook is a web-based guestbook application. It
is prone to an HTML injection vulnerability. The application fails to
properly sanitize user-supplied input before using it in dynamically
generated content. All versions of Cute Guestbook are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432953
______________________________________________________________________

06.18.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Network Administration Visualized Multiple SQL Injection
Vulnerabilities
Description: Network Administration Visualized is a networking
monitoring application. It is vulnerable to multiple unspecified SQL
injection issues due to insufficient sanitization of user-supplied
input. Network Administration Visualized version 3.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/17734
______________________________________________________________________

06.18.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DUclassified Detail.ASP SQL Injection
Description: DUclassified is affected by an SQL injection issue due to
insufficient sanitization of the "iPro" parameter of the "detail.asp"
script. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17722
______________________________________________________________________

06.18.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Blog Mod Weblog_posting.PHP SQL Injection
Description: Blog Mod is prone to an SQL injection vulnerability. The
application fails to properly sanitize user-supplied input to the "r"
parameter of the "weblog_posting.php" script before using it in an SQL
query. Blog Mod versions 0.2.4b and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432602
______________________________________________________________________

06.18.63 CVE: CVE-2006-2214
Platform: Web Application - SQL Injection
Title: 4images Multiple SQL Injection Vulnerabilities
Description: 4images is an image gallery application, written in PHP.
The application is prone to multiple unspecified SQL injection
vulnerabilities due to improper sanitization of user-supplied input to
the "sessionid" parameter of the "top.php" and "member.php" scripts.
Ref: http://www.securityfocus.com/archive/1/432590
______________________________________________________________________

06.18.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPNuke Downloads Module SQL Injection
Description: PHPNuke is a web-based content management system (CMS).
It is vulnerable to an SQL injection issue due to insufficient
sanitization of user-supplied input to the "Downloads" module.
PHP-Nuke versions 7.9 and earlier are vulnerable.
Ref: http://www.securityfocus.com/bid/17749
______________________________________________________________________

06.18.65 CVE: CVE-2006-2139
Platform: Web Application - SQL Injection
Title: PHP Newsfeed Multiple SQL Injection Vulnerabilities
Description: PHP Newsfeed is a web-based news application implemented
in PHP. The application is prone to multiple SQL injection
vulnerabilities because it fails to properly sanitize user-supplied
input. PHP Newsfeed version 2004/07/23 is vulnerable.
Ref: http://evuln.com/vulns/130/
______________________________________________________________________

06.18.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ruperts News Script Login.PHP SQL Injection
Description: Ruperts News Script is a news reader application. It is
prone to an SQL injection vulnerability due to insufficient
sanitization of user-supplied input to the "username" parameter of the
"login.php" script.
Ref: http://www.securityfocus.com/bid/17758
______________________________________________________________________

06.18.67 CVE: CVE-2006-2128, CVE-2006-2129
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Pro Publish Multiple SQL Injection
Vulnerabilities
Description: DeltaScripts PHP Pro Publish is a web-based application.
It is vulnerable to multiple SQL injection issues due to insufficient
sanitization of user-supplied input to the "login.php", "search.php"
and "art.php" scripts. DeltaScripts PHP Pro Publish version 2.0 is
vulnerable.
Ref: http://evuln.com/vulns/130/summary.html
______________________________________________________________________

06.18.68 CVE: CVE-2006-2136
Platform: Web Application - SQL Injection
Title: AZNEWS News.PHP SQL Injection
Description: AZNEWS is a news reader application. It is vulnerable to
an SQL injection issue due to insufficient sanitization of
user-supplied input to the "ID" parameter of the "news.php" script.
AZNEWS version 1.0 is vulnerable.
Ref: http://evuln.com/vulns/126/
______________________________________________________________________

06.18.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MaxTrade Multiple SQL Injection Vulnerabilities
Description: MaxTrade is a web-based online trading script. The
application is prone to multiple SQL injection vulnerabilities.
Specifically, the application fails to sanitize input to the
"categori" and "stranica" parameters of "pocategories.php". MaxTrade
version 1.0.1 is vulnerable.
Ref: http://pridels.blogspot.com/2006/04/maxtrade-sql-inj.html
______________________________________________________________________

06.18.70 CVE: CVE-2006-1135
Platform: Web Application - SQL Injection
Title: SBlog Search.PHP SQL Injection
Description: sBlog is a simple web log application implemented in PHP.
It is vulnerable to an SQL injection issue due to insufficient
sanitization of user-supplied input to various scripts. sBlog version
0.7.2 is vulnerable.
Ref: http://www.subjectzero.net/research/sblog.htm
______________________________________________________________________

06.18.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Gallery Post.PHP SQL Injection
Description: Invision Gallery is affected by an SQL injection issue
due to insufficient sanitization of the "album" parameter in the
"post.php" script. Invision Gallery version 2.0.7 resolves the issue.
Ref: http://www.securityfocus.com/bid/17793
______________________________________________________________________

06.18.72 CVE: CVE-2006-2209
Platform: Web Application - SQL Injection
Title: Pacheckbook Index.PHP Multiple SQL Injection Vulnerabilities
Description: Pacheckbook is a web-based checkbook script implemented
in PHP. The application is prone to multiple SQL injection
vulnerabilities because it fails to sanitize input to the "entry" and
"transtype" parameters of "index.php".
Ref: http://www.securityfocus.com/bid/17821
______________________________________________________________________

06.18.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Power Board Func_mod.PHP SQL Injection
Description: Invision Power Board is web forum software. It is
vulnerable to an SQL injection issue due to insufficient sanitization
of user-supplied input to the "func_mod.php" script. Invision Board
versions 2.1.5 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432591/30/60/threaded
______________________________________________________________________

06.18.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Power Board Index.PHP SQL Injection
Description: Invision Power Board is web forum software. Insufficient
sanitization of the "pid" parameter of the "index.php" script exposes
the application to an SQL injection issue. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/17839
______________________________________________________________________

06.18.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: saPHP Lesson Multiple SQL Injection
Description: saPHP Lesson is a forum application. Insufficient
sanitization of user-supplied input exposes the application to
multiple SQL injection issues. saPHP version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/17848
______________________________________________________________________

06.18.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Community Blog Mod.PHP SQL Injection
Description: Invision Community Blog is a web blog plugin module for
Invision Power Board. It is prone to an SQL injection vulnerability
due to insufficient sanitization of user-supplied input to the "ids"
parameter of the "mod.php" script. Invision Community Blog versions
1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17851
______________________________________________________________________

06.18.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Newsadmin Readarticle.PHP SQL Injection
Description: Newsadmin is a web-based news publishing application. It
is vulnerable to an SQL injection issue due to insufficient
sanitization of user-supplied input to the "nid" parameter of the
"readarticle.php" script. Newsadmin version 1.1 is vulnerable.
Ref: http://evuln.com/vulns/133/summary.html
______________________________________________________________________

06.18.78 CVE: Not Available
Platform: Web Application
Title: I-RATER Platinum Config_settings.TPL.PHP Remote File Include
Description: I-RATER Platinum is a web-based image rating script. It
is prone to a remote file include vulnerability due to insufficient
sanitization of user-supplied input to the "include_path" variable of
the "config_settings.tpl.php" script.
Ref: http://www.securityfocus.com/bid/17731
______________________________________________________________________

06.18.79 CVE: CVE-2006-2119
Platform: Web Application
Title: Artmedic Event Index.PHP Remote File Include
Description: Artmedic Event is a web application, implemented in PHP.
Artmedic Event is prone to a remote file include vulnerability. All
versions of Artmedic Event are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432404
______________________________________________________________________

06.18.80 CVE: Not Available
Platform: Web Application
Title: CoolMenus Index.PHP Remote File Include
Description: CoolMenus is a menu builder script. Insufficient
sanitization of the "page" parameter in the "index.php" script exposes
the application to a remote file include issue. Coolmenus Event Script
version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/17738
______________________________________________________________________

06.18.81 CVE: CVE-2005-4190
Platform: Web Application
Title: Trac Wiki Macro Remote HTML Injection Vulnerabilities
Description: Trac is an issue tracking system. It is vulnerable to
multiple unspecified HTML injection issues due to insufficient
sanitization of user-supplied input to the "Wiki" macro of the
application. Trac versions 0.9.4 and earlier are vulnerable.
Ref: http://projects.edgewall.com/trac/wiki/ChangeLog
______________________________________________________________________

06.18.82 CVE: Not Available
Platform: Web Application
Title: Advanced GuestBook Addentry.PHP Remote File Include
Description: Advanced GuestBook for phpBB is a guestbook application.
It is prone to a remote file include vulnerability due to insufficient
sanitization of user-supplied input to the "phpbb_root_path" variable
of the "addentry.php" script. Versions 2.4.0 and prior are reported to
be vulnerable.
Ref: http://www.securityfocus.com/bid/17745
______________________________________________________________________

06.18.83 CVE: Not Available
Platform: Web Application
Title: Thyme Search Page HTML Injection
Description: Thyme is a calendar application. Insufficient
sanitization of the "search" field on the "Search" page of the
application allows theft of session cookie data. Extrosoft Thyme
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/17746
______________________________________________________________________

06.18.84 CVE: Not Available
Platform: Web Application
Title: W-Agora BBCode Script Injection
Description: W-Agora is a bulletin board application. It is prone to a
script injection vulnerability due to insufficient sanitization of
user-supplied input to the BBCode tags of unspecified scripts. This
issue is reported to affect version 4.20.
Ref: http://www.securityfocus.com/bid/17751
______________________________________________________________________

06.18.85 CVE: CVE-2006-2116
Platform: Web Application
Title: PlanetGallery Gallery_admin.PHP Authentication Bypass
Description: PlanetGallery is an electronic postcard application.
PlanetGallery is prone to an authentication bypass vulnerability
because it fails to prompt for authentication credentials when
navigating to the "/admin/gallery_admin.php" script.
Ref: http://www.securityfocus.com/bid/17753
______________________________________________________________________

06.18.86 CVE: CVE-2006-2118
Platform: Web Application
Title: JMK Picture Gallery Admin_Gallery.PHP3 Authentication Bypass
Description: JMK Picture Gallery is a web-based gallery application.
It is vulnerable to an authentication bypass issue because the
"admin_gallery.php3" script fails to prompt for authentication
credentials. All versions of JMK Picture Gallery are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432575
______________________________________________________________________

06.18.87 CVE: Not Available
Platform: Web Application
Title: DMCounter Kopf.PHP Remote File Include
Description: DMCounter is web statistics software. Insufficient
sanitization of the "rootdir" parameter in the "kopf.php" script
exposes the application to a remote file include issue. DMCounter
version 0.9.2-b is affected.
Ref: http://www.securityfocus.com/bid/17756
______________________________________________________________________

06.18.88 CVE: Not Available
Platform: Web Application
Title: HB-NS Multiple Input Validation Vulnerabilities
Description: HB-NS is a web-based newscript application. Insufficient
sanitization of user-supplied input exposes the application to
multiple cross-site scripting and SQL injection issues. HB-NS version
1.1.6 is affected.
Ref: http://www.securityfocus.com/bid/17752
______________________________________________________________________

06.18.89 CVE: CVE-2006-2142
Platform: Web Application
Title: Limbo CMS SQL.PHP Remote File Include
Description: Limbo CMS is a web-based content management application
implemented in PHP. It is prone to a remote file include vulnerability
due to improper sanitization of user-supplied input to the
"classes_dir" parameter of the "sql.php" script. This issue is
reported to affect version 1.04.
Ref: http://milw0rm.com/exploits/1729
______________________________________________________________________

06.18.90 CVE: Not Available
Platform: Web Application
Title: phpBB Knowledge Base Mod KB_constants.PHP Remote File Include
Description: Knowledge Base Mod is an add-on for phpBB. Insufficient
sanitization of the "module_root_path" parameter in the
"kb_constants.php" script exposes the application to a remote file
include issue. phpBB versions 2.0.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17763
______________________________________________________________________

06.18.91 CVE: CVE-2006-1905
Platform: Web Application
Title: Xine Filename Handling Remote Format String
Description: The xine package is a multimedia player for UNIX/Linux
variants. The xine package is reported to be prone to a remote format
string vulnerability. Version 0.99.4 of xine is vulnerable to this
issue.
Ref: http://www.securityfocus.com/archive/1/432598
______________________________________________________________________

06.18.92 CVE: Not Available
Platform: Web Application
Title: Simple Poll Authentication Bypass
Description: Free-PHP.net Simple Poll is a web-based polling
application. It is vulnerable to an authentication bypass issue
because it fails to prompt for authentication credentials when
navigating to the "/admin/" directory. Simple Poll version 1.0 is
vulnerable.
Ref: http://www.securityfocus.com/archive/1/432577
______________________________________________________________________

06.18.93 CVE: Not Available
Platform: Web Application
Title: OpenPHPnuke Remote File Include
Description: OpenPHPnuke is a web-based content management system.
Insufficient sanitization of the "root_path" parameter of the
"master.php" script exposes the application to a remote file include
issue. OpenPHPnuke version 2.3.3 is affected.
Ref: http://www.securityfocus.com/bid/17772
______________________________________________________________________

06.18.94 CVE: Not Available
Platform: Web Application
Title: X7 Chat Index.PHP Local File Include
Description: X7 Chat is a web-based chatroom application. Insufficient
sanitization of the "help_file" parameter of the "index.php" script
against directory traversal sequences ("../") exposes the application
to a file include issue. X7 Chat versions 2.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/17777
______________________________________________________________________

06.18.95 CVE: Not Available
Platform: Web Application
Title: SF-Users Username HTML Injection
Description: SF-Users is a web-based user system implemented in PHP.
It is prone to an HTML injection vulnerability due to insufficient
sanitization of user-supplied input to the "username" field.
Ref: http://www.securityfocus.com/bid/17783
______________________________________________________________________

06.18.96 CVE: Not Available
Platform: Web Application
Title: Russcom Network LoginPHP Username HTML Injection
Description: loginphp is a web-based login script. It is prone to an
HTML injection vulnerability because it fails to properly sanitize
user-supplied input to the "username" field before it is displayed in
the list of users.
Ref: http://www.securityfocus.com/archive/1/432729
______________________________________________________________________

06.18.97 CVE: CVE-2006-2168
Platform: Web Application
Title: FileProtection Express Authentication Bypass
Description: FileProtection Express is a file security application. It
is vulnerable to an authentication bypass issue because the
application fails to verify cookie-based authentication credentials.
FileProtection Express versions 1.0.1 and earlier are vulnerable.
Ref: http://www.securityfocus.com/archive/1/432728
______________________________________________________________________

06.18.98 CVE: CVE-2006-2159
Platform: Web Application
Title: Russcom Network Loginphp Open EMail Relay
Description: Russcom Network Loginphp is a web-based login script. It
is vulnerable to a remote open email relay issue due to insufficient
sanitization of user-supplied input to the "mail()" function in the
"help.php" script. All versions of Russcom Network Loginphp are
vulnerable.
Ref: http://www.securityfocus.com/archive/1/432729
______________________________________________________________________

06.18.99 CVE: CVE-2006-2210, CVE-2006-2211
Platform: Web Application
Title: 312Soft PhP-Gallery Multiple Input Validation Vulnerabilities
Description: 312Soft PhP-Gallery is an image gallery application. It
is vulnerable to information disclosure and cross-site scripting
issues due to insufficient sanitization of user-supplied input to
various scripts. 312Soft PhP-Gallery version 0.9 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432964
______________________________________________________________________

06.18.100 CVE: Not Available
Platform: Web Application
Title: FtrainSoft Fast Click Multiple Remote File Include
Vulnerabilities
Description: Fast Click is a hit counter application. Insufficient
sanitization of the "path" parameter of the "show.php" and the
"top.php" scripts exposes the application to a remote file include
issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/17813
______________________________________________________________________

06.18.101 CVE: Not Available
Platform: Web Application
Title: Fast Click SQL Lite Show.PHP Remote File Include
Description: Fast Click SQL Lite is a web visitor counter application,
implemented in PHP. It is prone to a remote file include vulnerability
due to insufficient sanitization of user-supplied input to the "path"
parameter of the "show.php" script. This issue is reported to affect
versions 1.1.3 and prior.
Ref: http://www.securityfocus.com/bid/17819
______________________________________________________________________

06.18.102 CVE: Not Available
Platform: Web Application
Title: PHPBB-Auction Auction_Common.PHP Remote File Include
Description: PHPBB-Auction is an auction module. It is vulnerable to a
remote file include issue due to insufficient sanitization of
user-supplied input to the "phpbb_root_path" parameter of the
"auction_common.php" script. PHPBB-Auction versions 1.3 and earlier
are vulnerable.
Ref: http://pridels.blogspot.com/2006/05/phpbb-auction-mod-remote-file.html
______________________________________________________________________

06.18.103 CVE: Not Available
Platform: Web Application
Title: PunBB Multiple Input Validation Vulnerabilities
Description: PunBB is a bulletin board application. PunBB is prone to
an HTML injection and a cross-site scripting vulnerability. Both
vulnerabilities occur when malicious HTML and script code is sent to
the "reg_message" parameter of the "index.php" script. PunBB version
1.2.11 is vulnerable.
Ref: http://www.securityfocus.com/archive/1/432950
______________________________________________________________________

06.18.104 CVE: Not Available
Platform: Web Application
Title: Albinator Multiple Remote File Include Vulnerabilities
Description: Albinator is a web-based content management system.
Insufficient sanitization of user-supplied input exposes the
application to multiple remote file include issues. Albinator version
2.0.8 is affected.
Ref: http://www.securityfocus.com/bid/17825
______________________________________________________________________

06.18.105 CVE: CVE-2006-2178, CVE-2006-2179
Platform: Web Application
Title: CyberBuild Multiple Input Validation Vulnerabilities
Description: CyberBuild is a web portal application. It is vulnerable
to multiple input validation vulnerabilities such as cross-site
scripting and SQL injection. This is due to insufficient sanitization
of user-supplied input. All versions of CyberBuild are vulnerable.
Ref: http://pridels.blogspot.com/2006/05/cyberbuild-vuln.html
______________________________________________________________________

06.18.106 CVE: Not Available
Platform: Web Application
Title: Bigwebmaster Guestbook Multiple HTML Injection Vulnerabilities
Description: Bigwebmaster Guestbook is a web-based guestbook
application. Insufficient sanitization of user-supplied input to the
"addguest.cgi" script exposes the application to various HTML
injection issues. Bigwebmaster Guestbook version 1.02 is affected.
Ref: http://www.securityfocus.com/bid/17834
______________________________________________________________________

06.18.107 CVE: Not Available
Platform: Web Application
Title: AWStats Remote Arbitrary Command Execution
Description: AWStats is an application that provides statistics on
server traffic. It is prone to an arbitrary command execution
vulnerability. A specially crafted request can be used to inject
arbitrary commands into the Perl open() function through use of the
pipe "|" character. An attacker can exploit this vulnerability to
execute arbitrary shell commands in the context of the webserver
process. AWStats version 6.5-1 is vulnerable.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909
______________________________________________________________________

06.18.108 CVE: CVE-2006-2158
Platform: Web Application
Title: Stadtaus Guestbook Index.PHP Remote File Include
Description: Stadtaus Guestbook is a web-based guestbook. It is
vulnerable to a remote file include issue due to insufficient
sanitization of user-supplied input to the "include_files" array
parameter. Stadtaus.com Guestbook version 1.7 is vulnerable.
Ref: http://www.stadtaus.com/forum/t-2600.html
______________________________________________________________________

06.18.109 CVE: CVE-2006-1537
Platform: Web Application
Title: WebCalendar Username Enumeration
Description: WebCalendar is prone to a username enumeration
vulnerability. Attempts to authenticate to the service result in
differing error messages when unsuccessful. If the username entered
does not belong to a valid user, then the application responds with
"Invalid login", otherwise the application responds with either
"Invalid login: incorrect password" or "Invalid login: no such user".
Attackers may exploit this vulnerability to discern valid usernames.
Ref: http://www.securityfocus.com/archive/1/433053
______________________________________________________________________

06.18.110 CVE: Not Available
Platform: Network Device
Title: Cisco Unity Express Expired Password Privilege Escalation
Description: Cisco Unity Express (CUE) is an optional hardware module
for Cisco modular routers. It is prone to a vulnerability that could
allow an unprivileged attacker to escalate their privilege level. The
issue exists because the CUE HTTP management interface allows any
authenticated user to change the password for an account with an
expired password. CUE Advanced Integration Module (AIM) or Network
Module (NM) running CUE software versions prior to 2.3(1) are affected
by this issue.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml
______________________________________________________________________

06.18.111 CVE: Not Available
Platform: Network Device
Title: Fujitsu NetShelter Unspecified DNS Denial Of Service
Description: Fujitsu NetShelter is a network firewall device. It is
susceptible to an unspecified remote denial of service vulnerability.
The problem occurs when malformed DNS datagrams of an undetermined
nature are processed by the service. The service fails to handle the
datagrams properly, and then crashes.
Ref: http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
______________________________________________________________________

06.18.112 CVE: CVE-2006-2213
Platform: Network Device
Title: hostapd Invalid EAPOL Key Length Remote Denial Of Service
Description: The hostapd application is an open source wireless access
point and authentication server. It is vulnerable to a remote denial
of service issue due to insufficient handling of malformed EAPOL Key
packets. The hostapd application versions 0.3.7 and earlier are
vulnerable.
Ref: http://www.frsirt.com/english/advisories/2006/1657
______________________________________________________________________

(c) 2006. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

==end==

Subscriptions: RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEX9sI+LUG5KFpTkYRAoRoAJ4jcirS4QE0Ty+H1C9SomErm9BLTgCfXT4O
blmIq/VRXvG+Xxjed98yVl4=
=XSGt
-----END PGP SIGNATURE-----